Law Enforcement and Facial Recognition Technologies in Italy – An Activist’s Update

By Alice Giannini, 3rd October 2024

Illustration by Cynthia Alonso

StraLi is an NGO created in Italy in 2018 that focuses on strategic litigation. In June 2022, StraLi’s work was supported with a pre-litigation research grant funded by the DFF. The purpose of the research was to prepare a litigation strategy to ensure that the use of facial recognition technology (FRT) by law enforcement authorities (“LEAs”) would only be carried out pursuant to a well-defined legislative framework and in compliance with fundamental human rights. To do so, our first step was to publish a research report where we studied the legal framework applicable to FRTs at national, international, and European levels.

The need for this type of research was triggered by distinctive national circumstances: the adoption in October 2021 of a moratorium suspending the installation and use of FRTs in public spaces by both private and public actors with two exclusions:

  1. the suspension does not apply to judicial authorities, public prosecutors and LEAs using FRTs for the prevention, investigation, detection, and prosecution of criminal offences, or the execution of criminal penalties; and
  2. in case FRTs are deployed by judicial authorities and public prosecutors for the purposes mentioned at (1), no preemptive control from the Italian Data Protection Authority (“DPA”) is required.

What does this entail? It means that the moratorium had little to no impact on the use of FRTs in the Italian criminal justice system

But what type of FRTs are being deployed in Italy by LEAs and how?

SARI (“Sistema Automatico Riconoscimento Immagini”)

In January 2017, the Italian Ministry of the Interior purchased SARI (“Sistema Automatico Riconoscimento Immagini”, Automated Image Recognition System). SARI’s core function is to search for points on the image of a face: these can be characterising points, such as the eyes, nose, and chin. 

It is based on two different “modules”: SARI-Enterprise and SARI-Real Time. The former, on the one hand, received a green light from the Italian DPA in 2018 and is an instance of post remote FRT (where identification happens later rather than in real time). The DPA classified Sari-Enterprise as nothing but a tool which automates operations on biometric data already conducted manually by police officials on the same database (Automated Fingerprint Identification System – “A.F.I.S”). The use of the latter, on the other hand, was blocked by the Italian DPA in 2021, as it was not justified by a suitable legal basis.

Having established that Italian LEAs and judicial/ prosecutorial authorities are “only” making use of one type of post-remote FRT, what is the actual use of FRT by law enforcement and judicial authorities in Italy? This is what we tried to find out.

A Small Step towards Transparency

As of today, there has been no Italian case law specifically on SARI.

While other countries have adopted a more transparent communication line with their citizens regarding the use of these technologies (e.g., Dutch Police, the London’s Metropolitan Police, the South Wales Police), Italy has yet to follow this good practice. The only times that we found out about SARI’s usage was through newspapers reporting on its successful use (for example to identify a suspect guilty of rape or one guilty of attempted murder).

Yet, for the first time, we are now able to know the exact number of searches conducted by the Forensic Police Service using SARI Enterprise.

We first tried mapping the use of FRTs by submitting anonymous and informal questionnaires to police headquarters, public prosecutors’ offices, and municipalities. However, as testified in the second report we published, we were not able to open a channel of communication with these authorities.

Therefore, in May 2024, in collaboration with IrpiMedia, we submitted Freedom of Information Act requests (“FOIA”; in Italian: “accesso civico generalizzato”) to over 15 interregional and regional scientific police headquarters distributed in the Italian territory. Our goal was to obtain a series of information about the use of SARI.

All our requests were forwarded to the Central Anti-Crime Directorate of the State Police-Forensic Police Service (Direzione Centrale Anticrimine della Polizia di StatoServizio Polizia Scientifica), who denied some of the requests, as the disclosure of the information requested could cause concrete harm to the protection of the public interest of public order and safety.

We decided to appeal and asked for a review from the Head of Prevention, Corruption, and Transparency at the Ministry of the Interior. We argued that the cognizance of this type of information could not pose a concrete harm as it would not entail revealing strategic information, such as specific information about the facilities, means, equipment, personnel, and actions instrumental to the protection of public order. Moreover, we believe that there is an enhanced duty to transparency upon public administrations when public funds, including European funds, are used to finance systems aimed at the pursuit of crime prevention and law enforcement activities.

Our review was granted (the Ministry of the Interior’s response can be read here). Here’s what we unveiled:

  • In 2022, there were 79,362 searches conducted via SARI Enterprise.
  • In 2023, there were 131,023 searches.

This marks an increase of over 65% between the searches of 2022 and those of 2023, despite a completely different situation concerning crimes committed: during the first seven months of 2023, there was only a 5.5% decrease in crimes compared to the same period in 2022.

Conclusion

The road is still long ahead and paved with obstacles.

A lot of issues remain open: having established that the most strategic way to obtain a suitable governance of the use of FRTs in the Italian justice system would be via domestic avenues, we still have not found a suitable case to litigate.

Such a difficulty may be connected to the fact that, theoretically, (the outputs of) SARI Enterprise cannot be used as evidence during trial, but only to steer investigations. This is a consequence of reconducting the identification conducted by SARI Enterprise to that of (human) law enforcement officers, as mentioned above. Yet, it appears that LEAs and judicial authorities are using SARI Enterprise for something “more” than mere identification: we know, for example, that a prosecutor in Milan used SARI to identify the face of a person involved in a brawl with four other individuals by comparing images recorded by a video surveillance system with faces “present on telephone utilities” (presumably Whatsapp profile photos). The prosecutor then used this result to support a request for the application of pre-trial detention. This technically still does not amount to inculpating evidence, but it would if the police officer who validated SARI’s results were to be called to testify during trial (hence SARI’s identification would “enter” the adjudication phase of the trial via the LEA’s witness).

Due to this persistent lack of information civil society representatives struggle to even grasp the magnitude of the phenomenon. Are LEAs using SARI Enterprise on a daily basis during their investigative activities? Or is this a niche activity? Do officers receive special training in order to learn how to use SARI and to interpret its results? 

We, as civil society representatives, are (almost) in the dark. That is why even small bits of information, such as statistics on the number of searches conducted, are beacons of light. 

Moving forward, we would like to continue working on this issue and we are currently working on our next steps. Our search for “the” case to litigate continues and we welcome any input from stakeholders who may have insights or relevant information to share.

Further readings

Picture of  Alice Giannini
Alice Giannini

Double PhD in Criminal Law. Assistant Professor of Criminal Law and Criminal Procedure, Maastricht University. Lawyer and Head of StraLi’s Digital Rights team